From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41101)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1Uu7Hs-0005jP-60
	for qemu-devel@nongnu.org; Tue, 02 Jul 2013 16:34:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1Uu7Hr-0000dV-01
	for qemu-devel@nongnu.org; Tue, 02 Jul 2013 16:34:56 -0400
Received: from [2a03:4000:1::4e2f:c7ac:d] (port=55888
	helo=v220110690675601.yourvserver.net)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1Uu7Hq-0000dP-QV
	for qemu-devel@nongnu.org; Tue, 02 Jul 2013 16:34:54 -0400
Message-ID: <51D3396B.108@weilnetz.de>
Date: Tue, 02 Jul 2013 22:34:51 +0200
From: Stefan Weil <sw@weilnetz.de>
MIME-Version: 1.0
References: <1371377676-18809-1-git-send-email-sw@weilnetz.de>
In-Reply-To: <1371377676-18809-1-git-send-email-sw@weilnetz.de>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] hw/9pfs: Fix potential memory leak and
 avoid reuse of freed memory
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>, qemu-devel <qemu-devel@nongnu.org>

Am 16.06.2013 12:14, schrieb Stefan Weil:
> The leak was reported by cppcheck.
>
> Function proxy_init also calls g_free for ctx->fs_root.
> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> ---
>
> Hi,
>
> I'm not sure whether ctx->fs_root should also be freed in the error case.
> Please feel free to modify my patch if needed.
>
> Regards
> Stefan Weil
>
>  hw/9pfs/virtio-9p-proxy.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
> index 8ba2959..5f44bb7 100644
> --- a/hw/9pfs/virtio-9p-proxy.c
> +++ b/hw/9pfs/virtio-9p-proxy.c
> @@ -1153,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
>          sock_id = atoi(ctx->fs_root);
>          if (sock_id < 0) {
>              fprintf(stderr, "socket descriptor not initialized\n");
> +            g_free(proxy);
>              return -1;
>          }
>      }
>      g_free(ctx->fs_root);
> +    ctx->fs_root = NULL;
>  
>      proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
>      proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;


Ping?